Free Malware Removal Forum

[anonymity]

infected computer cannot connect to the internet, it is stopped by the antivirus program because the malware is trying to connect to the internet. The computer i am using to access the internet is not infected. how can i download Microsoft Windows Recovery Console through this computer?

[Carolyn]

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

• Drag the setup package onto ComboFix.exe and drop it.
  
  
  
• Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  
  
  
  
  
  
  
• At the next prompt, click 'Yes' to run the full ComboFix scan.
  
  
  
• When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

[anonymity]

hope this was the right one......

ComboFix 09-10-08.04 - Aaron Ko 10/10/2009 11:24.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.952 [GMT -7:00]
Running from: c:\documents and settings\Aaron Ko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aaron Ko\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nathan Ko\Application Data\Gmail
c:\documents and settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe
c:\documents and settings\Nathan Ko\Application Data\Gmail\Shell32.dll
c:\documents and settings\Nathan Ko\Application Data\Gmail\Shell32.dll
c:\recycler\S-1-5-21-3968966495-137116618-2045513453-1003
c:\recycler\S-1-5-21-971334563-1478690862-3778208101-1003
c:\windows\Installer\1071e94.msp
c:\windows\Installer\2e81aa9.msp
c:\windows\Installer\90a21f.msp
c:\windows\Installer\954476.msp
c:\windows\Installer\b5a4cb.msp
c:\windows\Installer\c1746.msp
c:\windows\Installer\f34e9f.msp
c:\windows\setup.exe
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
.

2009-10-10 04:51 . 2009-10-10 04:51 -------- d-----w- c:\windows\LastGood
2009-09-29 03:08 . 2009-09-29 03:08 -------- d-----w- c:\documents and settings\Aaron Ko\Local Settings\Application Data\PCHealth
2009-09-26 22:57 . 2009-09-26 22:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-09-22 00:48 . 2009-09-22 00:48 -------- d-----w- c:\documents and settings\Aaron Ko\Local Settings\Application Data\Sophos
2009-09-22 00:46 . 2009-09-22 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-09-22 00:41 . 2009-09-22 00:46 -------- d-----w- c:\program files\Sophos
2009-09-22 00:41 . 2009-09-22 00:41 -------- d-----w- c:\temp\Sophos
2009-09-22 00:40 . 2009-09-22 00:41 -------- d-----w- C:\Temp
2009-09-19 22:56 . 2009-09-19 22:56 -------- d-sh--w- c:\documents and settings\Peter Ko\IECompatCache
2009-09-19 22:54 . 2009-09-19 22:54 -------- d-sh--w- c:\documents and settings\Peter Ko\PrivacIE
2009-09-19 22:51 . 2009-09-19 22:51 -------- d-sh--w- c:\documents and settings\Peter Ko\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-10 05:45 . 2007-11-24 07:22 -------- d-----w- c:\program files\Warcraft III
2009-10-10 04:39 . 2008-12-18 19:50 -------- d-----w- c:\program files\Steam
2009-10-10 04:38 . 2008-06-15 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-08 01:33 . 2009-01-19 22:10 -------- d-----w- c:\documents and settings\Aaron Ko\Application Data\BitTorrent
2009-09-27 01:13 . 2009-01-13 07:15 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\DNA
2009-09-26 22:38 . 2009-01-13 07:15 -------- d-----w- c:\program files\DNA
2009-09-22 03:35 . 2009-03-11 20:48 655940 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-22 03:35 . 2009-03-11 20:48 48896544 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-22 03:35 . 2009-03-11 20:48 1652768 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-22 03:35 . 2009-03-11 20:48 155996 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-22 03:19 . 2008-01-04 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TELUS
2009-09-22 03:19 . 2008-01-18 17:20 -------- d-----w- c:\documents and settings\Colleen Ko\Application Data\TELUS
2009-09-22 03:19 . 2008-01-12 01:09 -------- d-----w- c:\documents and settings\Ian Ko\Application Data\TELUS
2009-09-22 03:19 . 2008-01-06 05:26 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\TELUS
2009-09-22 03:19 . 2008-01-04 00:42 -------- d-----w- c:\documents and settings\Peter Ko\Application Data\TELUS
2009-09-22 03:18 . 2008-01-09 03:55 -------- d-----w- c:\documents and settings\Aaron Ko\Application Data\TELUS
2009-09-22 03:18 . 2008-01-04 00:40 -------- d-----w- c:\program files\TELUS
2009-09-19 22:53 . 2009-09-19 22:53 4958032 ----a-w- c:\documents and settings\Peter Ko\Application Data\pdinstall.exe
2009-09-19 22:52 . 2007-11-03 22:28 201424 ----a-w- c:\documents and settings\Peter Ko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-19 20:51 . 2009-01-13 07:15 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\BitTorrent
2009-09-10 16:21 . 2009-01-24 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 06:21 . 2008-10-30 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-05 21:40 . 2008-02-04 07:12 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\U3
2009-09-05 07:35 . 2009-06-24 22:16 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\My Battle for Middle-earth(tm) II Files
2009-09-05 07:14 . 2009-04-19 03:53 -------- d-----w- c:\program files\Electronic Arts
2009-08-31 17:35 . 2008-07-14 00:34 34 ----a-w- c:\documents and settings\Nathan Ko\jagex_runescape_preferences.dat
2009-08-22 07:07 . 2007-11-06 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-22 05:42 . 2009-08-22 05:23 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\Nero
2009-08-22 05:22 . 2009-08-22 05:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-22 05:21 . 2009-08-22 05:20 -------- d-----w- c:\program files\Nero
2009-08-22 05:21 . 2009-08-22 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-05 09:01 . 2005-03-02 23:44 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-03-02 23:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2005-03-02 23:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-01-28 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-01-28 98304]
"TELUS_eCare_Lite_McciTrayApp"="c:\program files\TELUS_eCare_Lite\eCareTrayApp.exe" [2007-01-24 1007720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-27 282624]
"Auto Auto EPSON Stylus CX3800 Series on sony on TOSHIBA"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Auto EPSON Stylus CX3800 Series on HP-KO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-3 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-11 245760]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-1-26 118784]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\blazerino\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\NATHAN~1\LOCALS~1\Temp\DCDE0.tmp --> c:\docume~1\NATHAN~1\LOCALS~1\Temp\DCDE0.tmp [?]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [12/14/2007 6:04 PM 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [12/14/2007 6:04 PM 19456]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-04 02:41]

2009-10-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-realtekc - c:\documents and settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe
AddRemove-Direct MIDI to MP3 Converter_is1 - c:\program files\Direct MIDI to MP3 Converter\unins000.exe
AddRemove-HijackThis - c:\documents and settings\Aaron Ko\Desktop\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files\Electronic Arts\The Lord of the Rings



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-10 11:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\NATHAN~1\LOCALS~1\Temp\DCDE0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(864)
c:\progra~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.
Completion time: 2009-10-10 11:32
ComboFix-quarantined-files.txt 2009-10-10 18:32

Pre-Run: 37,052,088,320 bytes free
Post-Run: 39,417,737,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

223 --- E O F --- 2009-10-10 18:09

[Carolyn]

Hello,

I'm sorry for taking so long to reply. We were without power for most of the day here.

Please do the following:

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all

KILLALL::

File::
c:\windows\system32\drivers\svchost.exe

Folder::
c:\documents and settings\Aaron Ko\Application Data\BitTorrent
c:\documents and settings\Nathan Ko\Application Data\DNA
c:\program files\DNA
c:\documents and settings\Nathan Ko\Application Data\BitTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"%windir%\\system32\\drivers\\svchost.exe"=-

Driver::
GarenaPEngine

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

=================

How is your computer behaving now? Are you able to access the internet from the computer?

If you are able to access the internet, please do the following:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

• Please go here then click on:
  

  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

• Select the option YES, I accept the Terms of Use then click on:
  
• When prompted allow the Add-On/Active X to install.
  
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  
• Now click on Advanced Settings and select the following:

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
  
• Enable Anti-Stealth Technology
• Now click on:
  
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  
• When completed the Online Scan will begin automatically.
  
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  
• Now click on:
  
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

================

Please post the contents of the ComboFix log, the ESET log (if available) and a description of how your computer is behaving now.

[anonymity]

ok, but i have one thing to add about the accessing internet part - i had sophos installed before on my infected comp, and whenever i tried to acess the internet i got a message that a program called something like "mal.fake.adv" was trying to access the internet, and sophos blocked internet access.....is this still what you mean by me being able to access the internet? I just want to make sure that there's no confusion about the "can't access internet" part of the subject (since it's not the malware that blocks my internet but rather my internet protection blocking the malware and subsequently everything)

[Carolyn]

Thank you - that was not my understanding and I am glad that you are not having problems accessing the internet.

Please post the logs requested in my previous reply when available.

[anonymity]

contents of CF log:

ComboFix 09-10-08.04 - Aaron Ko 10/14/2009 18:23.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.943 [GMT -7:00]
Running from: c:\documents and settings\Aaron Ko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aaron Ko\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\svchost.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aaron Ko\Application Data\BitTorrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\???@????@???? Kamikaze Girls Vol.60 ????? ??????.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\??S?????????-???.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS-Multi6] LEGO Battles (EUR).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Age of empires Mythologies [Fix][EUR][by tonip1993].rar.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Best of arcade games.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Ghostbusters[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Mega Man Star Force 3 Black Ace [USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Mega Man Star Force 3 Red Joker [USA][ESPANDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]MySims_Racing[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Naruto Ninja Destiny II European Version [EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Naruto_Shippuden_Ninja_Council_4[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Pokemon_Platinum[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Super Robot Taisen OG Saga Endless Frontier [USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[NDS]Warcraft Tower Defense V 0.5[TmasGames.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\[Private Tropical] - Deep Lust - DVDRIP [01 34 00] [avi] [576x320].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\24.S07E22.HDTV.XviD-LOL.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\2641 - Pokemon Platinum (J)-patched.nds.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\40 Celebrity Girls Wallpapers 1280 X 960 (www.downloadfreewallpapers.co.cc).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\613 - Starr 3.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\a1on1sakurascott_2k.wmv.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\a1on1sakurascott_2k.wmv.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\a1on1sakurascott_2k.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Adriana_DeVille_(I Came In Your Mom 2).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Alektra_Blue_(Pretty As They Cum).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American Daydreams.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American Daydreams.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American Pie 1 (1999).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American Pie 1.2.3.4.5.6[1999-2007]XviD.NeRoZ.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American Pie 3 The Wedding[2003]DvDrip[Eng]-BugZ.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American pie 3.avi.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American pie 3.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American pie 6.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\American.Pie.Presents.Beta.House[Unrated][2007]DvDrip[Eng].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asa Akira(Too Small To Take It All).avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian 1 on 1 Vol.3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian Cheerleaders #2.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian Cheerleaders Vol.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian Fights - Nyomi Marcela VS Tia Tanaka.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian Fucking Nation.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian P.O.V. 6.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian Sex Slaves #01.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\ASIAN XXX - Avena Lee.wmv.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\ASIAN XXX - Avena Lee.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Fever.37.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Fever.All.Stars.XXX.DVDRip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.POV.5.XXX.DVDrip.XviD-XCiTE.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.POV.5.XXX.DVDrip.XviD-XCiTE.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.POV.5.XXX.DVDrip.XviD-XCiTE.3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.POV.5.XXX.DVDrip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Slut.Invasion.5.XXX.DVDRip.XviD-CLiT.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Slut.Invasion.5.XXX.DVDRip.XviD-CLiT.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Stravaganza.2.DISC1.XXX.DVDRip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Stravaganza.2.DISC2.XXX.DVDRip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Stravaganza.DISC1.XXX.DVDRip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asian.Stravaganza.DISC2.XXX.DVDRip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\asian1on1.com - Lielani 2.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\asian1on1.com - Lielani 2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\asian1on1.com - Sakura Scott.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Asses In Public - Alanna Ackerman - Chinatown Tease XXX.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\august_bzv.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Autodesk.Imagemodeler.2009_19053-Win32.(Incl.Crack).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Avi 2 DVD Maker.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Barely.Legal.92.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].avi.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Barely.Legal.92.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Big Tits At Work - Priya Rai[theSeXXXgod].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Big Tits In Sports - Phoenix Riding.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\BigTitsAtSchool - Jayden James.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Blowjob Quickies.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Bon Jovi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Brats.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\BZV_lichelle_marie.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Candice Michelle.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Caribbean Undercover.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Catalina Cruz & Gina Lynn - License To Blow.avi.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Catalina Cruz & Gina Lynn - License To Blow.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Charmane Star - Heat Asian Style.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Cheerleaders.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\China Blue XXX [DVDRIP][Asian-Teens][www.lokotorrents.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Cockasian 3 XXX [DVDRip][www.zonatorrent.com].1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Cockasian 3 XXX [DVDRip][www.zonatorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\ct.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\CUM PUT HER.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Curvy.Girls.4.XXX.DVDRip.XviD-STARLETS.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\da-asa_akira.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Daisy Marie.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Debbie Does Dallas.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Deep_Inside_Devon [www.Emulebit.com].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\dht.dat
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\divxfactory-yac.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Doctor Adventures Part 1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Doctor.Adventures.4.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Dorcel Airlines Paris New York (XXX) (ETSeXo.com).avi.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Dorcel Airlines Paris New York (XXX) (ETSeXo.com).avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Emma starr anal.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\First Time Asian Girls XXX [DVDRIP][Asian Teens][sexotorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\For.Dummies.Blues.Guitar.For.Dummies.2007.eBook.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Forgetting.Sarah.Marshall[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Fresh.Outta.High.School.18.XXX.DVDRiP.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Friends.A.XXX.Parody.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Friends.A.XXX.Parody.XXX.DVDRiP.XviD-DivXfacTory.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\ Team Five Under Water Fest-Kandi Milan London keys Ashli Orion.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Futurama - Everybody Loves Hypnotoad.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Futurama - Music From The Series.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Futurama season 1-5 (complete) + extras.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Futurama season 1-5 (complete) + extras.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\futurama.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Going.The.Distance.2004.Swesub.DvDRip.XviD-Jontey.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Guitar Exercises For Dummies.pdf.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Housewife 1 on 1 - Victoria Sin.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\How_to_Draw_Comic_Book_Heroes_and_Villains_Part_2_Zap!_Pow!_Crunch!.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\I.Love.Asians.9.[English].XXX.DVDRip.[CienPorCienPorno].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Indiana_Jones_And_The_Staff_Of_Kings_USA_NDS-XPA.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Invasian.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Its.A.Secretary.Thing.2.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Its.Secretary.Thing.2008.DVDRip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Jacks.Asian.Adventure.3.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Japanese Schoolgirls - Tia Tanaka.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Jenna Haze - Meet The Fuckers 8.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Jenna.Jameson.In.Heart.Breaker.[English].XXX.DVDRip.XVID-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\jenna_roxy_plib.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Jennifer Aniston FUCKED hard by Vince Vaughn in stolen celeb home sex video xxx.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\kinzie_Kenner.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Kobe Tai- Bad Girls 8 - 4 sextorrents.de.vu.mpg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Kobe Tai - anal sex (pain), her first time.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Kobe Tai - anal sex (pain), her first time.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Lily thai - me luv you longtime 6.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Lisa Ann - Housewife 1 on 1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Lisa Ann - Mommas Got It Going.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\LSAT Test Preparation.rar.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\LSAT torrent.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\LSAT.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Lucy Liu hot Asian Celeb FUCKED in XXX Home Sex Video.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\madison_ivy_18y.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Make Me Creamy 4 (Asa Akira) XXX [DVDRip][Cream Pie][www.sexotorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Me.So.Asian.6.XXX.DVDRiP.XviD-DivXfacTory.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\mfhmpaigerenee_large.mpg.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\mfhmpaigerenee_large.mpg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Miko Sinz.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\MofosWorldWide.com - Asa Akira (Fucking the Sensei).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\moneytalks.com.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\moneytalks.com.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\moneytalks.com.3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\MoneyTalks.com.4.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\MoneyTalks.com.Lunch.Munch.XXX.[SiteRip][GoldenPirates].1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\MoneyTalks.com.Lunch.Munch.XXX.[SiteRip][GoldenPirates].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\MoneyTalks.com.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Movavi Video Converter v8.0.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Ange Venus.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Charmane Star.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Lily Thai.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Miko Sinz.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Nautica Thorn.mpg.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Nautica Thorn.mpg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Tia Ling.mpg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Tia Tanaka.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Mr Chew's Asian Beaver - Veronica.mpg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\ms5627500k.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My First Sex Teacher.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My Friends Hot Mom.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My Friends Hot Mom.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My Naughty Latin Maid.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My Naughty Latin Maid.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My Sister's Hot Friend - Michelle.mpeg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My XXX Secretary XXX [DVDRIP][All Sex][www.sexotorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\My_Friends_Hot_Mom-Mrs_Wyld_[NEW on 09-29-2005].wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\nafin.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\nafin.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\NAUGHTY AMERICA - MY SISTERS HOT FRIEND.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty America Collection.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty America.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty Office - Adrenalynn.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty.Athletics.7.XXX.DVDrip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty.Bookworms.14.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty.College.Schoolgirls.53.2009.XXX.DVDRiP.Teen.XviD.ENGLISH-DivXfacTory.[www.pornofive.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty.Nannies.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty.Office.17.XXX.DVDRip.XviD-NYMPHO.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Naughty.Office.17.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\NDS-R4v1.19.kernel(English).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\NDS-R4v1.19.kernel(English)nuthouse.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\NEW 2008! Cockasian 3 - anal asian porn.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\New Folder.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Nurses xXx DVDRip.XviD.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Nurses.XXX.DVDRiP.XviD-VBT.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Nurses.XXX.DVDRiP.XviD-VBT.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Nurses.XXX.DVDRiP.XviD-VBT.3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Nurses.XXX.DVDRiP.XviD-VBT.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Oceans Eleven[KonzillaRG][DVDrip][ENG][MP3].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Operation.Tropical.Stormy.XXX.DVDRip.XviD-STARLETS.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Oral.Exams.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Oriental Orgy World 4 XXX [DVDRIP][Orgy][www.sexotorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Oriental.Orgy.World.6.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\P2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Paris Hilton - One Night in Paris.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Pirates (XXX) (2005).avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Pleasure 2-2 Scenes.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Pop Piano Sheet music (1000++ sheets).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Porno Valley S01E03 Tightie Whities Divx DishRip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Porno Valley S01E04 A Penny For Your Thong Divx DishRip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\pr0n.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Pussyman Asian Assault 2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Random Naughty America Videos.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Real Jennifer Aniston in Lingerie.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Real Wife Stories 4 (2009) XXX [DVDRip][WwW.XxXViCiOsASZT.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Real.College.Girls.18.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Real.Female.Orgasms.8.[www.kiborg.org]XXX.DVDRiP.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\resume.dat
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\rss.dat
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sakura Tales 12.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sakura Tales 9 XXX [DVDRIP][Asian][www.sexotorrent.com].1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sakura Tales 9 XXX [DVDRIP][Asian][www.sexotorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Schoolgirl.POV.7.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Scrubs.A.XXX.Parody.XXX.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Season 20.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Secret.Diary.Of.A.Secretary.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Secretaries.2.XviD-PORNOLATiON.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Seinfeld.A.XXX.Parody.XXX.DVDRip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\settings.dat
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sex.Drive[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sextape.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Shanes.World.Asian.Vacation.avi.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Shanes.World.Asian.Vacation.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Showgirls (1995).avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\shyla stylez - supporting the boss.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Simpsons Season 20.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\sinful asians 2 MP4 - split -.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sinful Comics{Crk FngrZ}.zip.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Slant.Eye.For.The.Straight.Guy.01.XviD.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Slant.Eye.For.The.Straight.Guy.01.XviD.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Slant.Eye.For.The.Straight.Guy.01.XviD.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\StarStruck[2000]DvDRip-Pirate2012.avi.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\StarStruck[2000]DvDRip-Pirate2012.avi.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\StarStruck[2000]DvDRip-Pirate2012.avi.3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\StarStruck[2000]DvDRip-Pirate2012.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Stoya.Heat.XXX.DVDRip.XviD-NYMPHO.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Strictly Sexual 1337x-X.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\STRIPTEASE [Demi Moore 1996][DVDRip DivX Spanish][www.GureTorrents.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Suck.It.Dry.6.XXX.DVDRiP.XviD-DivXfacTory.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Suck.It.Dry.6.XXX.DVDRiP.XviD-DivXfacTory.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Suck.It.Dry.6.XXX.DVDRiP.XviD-DivXfacTory.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Suck.My.Cock.3.XXX.DVDRip.XviD-XCiTE.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Suck.My.Cock.3.XXX.DVDRip.XviD-XCiTE.2.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Suck.My.Cock.3.XXX.DVDRip.XviD-XCiTE.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sweet Asian Dreams XXX [DVDRip][Asian][www.lokotorrents.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sweet Cheeks 11.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Sweet.Asian.Dreams.2009.XXX.DVDRiP.ASIAN.XviD.ENGLISH-NYMPHO.[www.pornofive.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Swimsuit.Calendar.Girls.3.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\taw_kiara_diane.wmv.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Tease Before the Please 3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Teen Asian Angels XXX [DVDRip][www.zonatorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Teens.Like.It.Big.Madison.Ivy.XviD.DVDRip.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Tera Patrick - Loose screw scene 3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Tera Patrick - Wild Honey.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\The Simpsons Series 20.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\The Simpsons Songs In The Key Of Springfield.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\The.Office.A.XXX.Parody.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\The.Office.A.XXX.Parody.[English].XXX.DVDRiP.XviD-[WwW.TorrentesX.CoM].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\The.Simpsons.S20E19.720p.HDTV.X264-DIMENSION.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\The_Sweetest_Thing(2002)divx_nlsubs_NLT-Release.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\TopNotchBitches-Keri Sable.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Uniform Babes.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Video Files.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\VIDZ.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Water Sports XXX [DVDRIP][Anal][www.sexotorrent.com].torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Wedding.Crashers[2005]DVDRip.AC3[Eng].avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Wet Nurse - RHD - ( xxx adult porn ).avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\What An Ass 3.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Whoriental Sex Academy 6.mpg.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Wicked - Roommates.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Windows Media Player 12 (English) + WGA Pass.rar.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\X-Men DVD part 1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\xcite-asiancoeds.avi.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\XXX.Merry.Christmas.Pack.2008-part1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Young asian teen Lily Thai has squirting orgasms.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Zack And Miri Make A Porno 2008 BDRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.1.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
c:\documents and settings\Aaron Ko\Application Data\BitTorrent\Zack.And.Miri.Make.A.Porno[2008-DVD]tesuploader.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[DB]_Naruto_Movie_[D367824A].avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[DB]_Naruto_Movie_2_[1E8A1B97].avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[DB]_Naruto_Movie_3_[C688AE50].avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[DB]_Naruto_Shippuuden_086-087_[B46272E9]_mp_2.mpeg.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[DB]_Naruto_Shippuuden_Movie_[75F57621].avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS-USA]Knights in the Nightmare (U)(PYRiDiA).rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS]Age_of_Empires_Mythologies[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS]Anno_1701_Dawn_of_Discovery[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS]Shin_Megami_Tensei_Devils_Survivor[USA][ESPALNDS.com].zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS]Suikoden_Tierkreis[EUR][ESPACONSOLAS.com].rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS]Transformers_Revenge_of_the_Fallen_Autobots[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\[NDS]Transformers_Revenge_of_the_Fallen_Decepticons[EUR][ESPALNDS.com].zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\17 Again (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\3517 - Grand Theft Auto Chinatown Wars (two patched versions) USA NDS idgamez.co.uk.zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Age_Of_Empires_III_The_Asian_Dynasties-FLT.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Autograph.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Autograph.v3.11.rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\BatmanTheDarkKnight DVDSCR.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Bedtime Stories (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Beyonce ft.Kaneri Diamond - SINGLE LADIES.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Beyone Single Ladies.mp3.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Black Eyed Peas -The E.N.D. [DE] [2009][2CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Body of Lies (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Bolt (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\civil war.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Code (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Complete, Chronological Marvel Civil War.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Crossing Over (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Deception (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\dht.dat
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Dragon_Quest The Hand of The Heavenly Bride(patched).zip.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Dragonball Evolution (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Duplicity (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Fight Club[1999]DvDrip[ENG] - CANiBUS.mp4.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Final Fantasy Crystal Chronicles Echoes of Time (EU Fixed).rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Finance Management Accounting Dictionary of financial and business terms 1.rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Futurama- Bender's Big Score (2007) DVDRip Occor.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Futurama- The Beast with a Billion Backs DVDRip Occor.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Futurama Benders Game (2008) DVDRip Occor.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Futurama Into The Wild Green Yonder.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Get Smart 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Green Day - 21st Century Breakdown [2009][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Hancock [Unrated] 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Hellboy II The Golden Army 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Horton Hears a Who (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\How to Play the Guitar like a Pro! - Learn Guitar book pdf.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\I Am Legend 2007.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\I Love You, Man (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Indiana Jones and the Kingdom of the Crystal Skull 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Indiana Jones and The Kingdom of the Crystal Skull.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\James_Bond Quantum of Solace (2008) DVDSCR.wmv.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Jumper 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Kung Fu Panda 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Lady GaGa - The Fame [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Madea Goes to Jail (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\MADONNA STICKY & SWEET TOUR LIVE IN ROME 06.09.2008 Full Best Quality - MPEG2 V5.0.mpg.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Malcolm in the Middle - Complete.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Mamma Mia! (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Marvel Ultimate Alliance 2 USA NDS-XPA.rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Max Payne (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Meet the Spartans 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\National Treasure 2 Book of Secrets 2007 [djfred.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\NBA 2K9 [MULTI5][PCDVD][WwW.GamesTorrents.CoM].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\NHL.09-RELOADED.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Nickelback - Dark Horse [2008][CD+SkidVid_XviD+Cov]320Kbps.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Night Train (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\NIS2009.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\NKOTB-The Block [Deluxe][2008][CD+2 SkidVid_XviD+Cov].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\NUAccTXm_3538_Grand_Theft_Auto_Chinatown_Wars_EUR (WIFI WORKING PATCHED BY xxJayx).nds.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Office Space[1999]DVDRip[Eng]-NuMy.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Office.Space.1999.DVDRip.WS.XviD.iNT-ReVOLT.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Passchendaele 2008 DVDRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Paul Blart Mall Cop (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Paul Blart Mall Cop [CAM].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Pcsx2.rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Pink - Funhouse [Explicit] [2009][SkidVid_XviD].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Pride and Glory (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Quantum of Solace (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Race to Witch Mountain (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\resume.dat
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\resume.dat.1.bad
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Righteous.Kill[2008]-(thismoviesonme.com).avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Role Models (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\rss.dat
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Russell Peters Red, White & Brown_DVDrip_XviD-NHH.avi.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Sean Kingston - Fire Burning [2009][SkidVid_XviD].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Season 18 - Complete.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Season 19 - Complete.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\settings.dat
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Spore-RELOADED.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Star Wars The Clone Wars 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Taken (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Tekken 5 PS2 (NTSC).torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Alphabet Killer (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Chronicles of Narnia Prince Caspian (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Dark Knight (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Day the Earth Stood Still (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Forbidden Kingdom 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Killers - A Crippling Blow [Main Version].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Killers - Day And Age [2008][CD+SkidVid_XviD+Cov].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Killers - Hot Fuss [Full Album].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Killers - Sams Town.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Last House on the Left (Unrated-Rated) (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Mummy - Tomb of the Dragon Emperor (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Pink Panther 2 (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Spirit (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Tale of Despereaux (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Who - My Generation (Deluxe 2CD) [EAC-CUE-FLAC] [RePoPo].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Who - Tommy.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\The Who - Who's Next Deluxe Edition [2CD] (320).torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\transformers directors cut mpeg FULL b.rar.torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Transporter 3 (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Tropic Thunder 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Twilight (2008] [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\W. (2008) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\WALL·E 2008 [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\Watchmen (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\BitTorrent\X-Men Origins Wolverine (2009) [djfred].torrent
c:\documents and settings\Nathan Ko\Application Data\DNA
c:\documents and settings\Nathan Ko\Application Data\DNA\dht.dat
c:\documents and settings\Nathan Ko\Application Data\DNA\dht.dat.old
c:\documents and settings\Nathan Ko\Application Data\DNA\dna.lng
c:\documents and settings\Nathan Ko\Application Data\DNA\resume.dat
c:\documents and settings\Nathan Ko\Application Data\DNA\resume.dat.old
c:\documents and settings\Nathan Ko\Application Data\DNA\rss.dat
c:\documents and settings\Nathan Ko\Application Data\DNA\rss.dat.old
c:\documents and settings\Nathan Ko\Application Data\DNA\settings.dat
c:\documents and settings\Nathan Ko\Application Data\DNA\settings.dat.old
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\windows\Installer\3e31a1.msp
c:\windows\Installer\46bc7b7.msp
c:\windows\Installer\66ff01.msp
c:\windows\Installer\ef574d.msp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine


((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-09-29 03:08 . 2009-09-29 03:08 -------- d-----w- c:\documents and settings\Aaron Ko\Local Settings\Application Data\PCHealth
2009-09-26 22:57 . 2009-09-26 22:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-09-22 00:48 . 2009-09-22 00:48 -------- d-----w- c:\documents and settings\Aaron Ko\Local Settings\Application Data\Sophos
2009-09-22 00:46 . 2009-09-22 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2009-09-22 00:41 . 2009-10-11 05:21 -------- d-----w- c:\program files\Sophos
2009-09-22 00:41 . 2009-09-22 00:41 -------- d-----w- c:\temp\Sophos
2009-09-22 00:40 . 2009-09-22 00:41 -------- d-----w- C:\Temp
2009-09-19 22:56 . 2009-09-19 22:56 -------- d-sh--w- c:\documents and settings\Peter Ko\IECompatCache
2009-09-19 22:54 . 2009-09-19 22:54 -------- d-sh--w- c:\documents and settings\Peter Ko\PrivacIE
2009-09-19 22:51 . 2009-09-19 22:51 -------- d-sh--w- c:\documents and settings\Peter Ko\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 01:35 . 2008-12-18 19:50 -------- d-----w- c:\program files\Steam
2009-10-15 01:08 . 2008-06-15 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-10 05:45 . 2007-11-24 07:22 -------- d-----w- c:\program files\Warcraft III
2009-09-22 03:35 . 2009-03-11 20:48 655940 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-22 03:35 . 2009-03-11 20:48 48896544 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-22 03:35 . 2009-03-11 20:48 1652768 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-22 03:35 . 2009-03-11 20:48 155996 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-22 03:19 . 2008-01-04 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TELUS
2009-09-22 03:19 . 2008-01-18 17:20 -------- d-----w- c:\documents and settings\Colleen Ko\Application Data\TELUS
2009-09-22 03:19 . 2008-01-12 01:09 -------- d-----w- c:\documents and settings\Ian Ko\Application Data\TELUS
2009-09-22 03:19 . 2008-01-06 05:26 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\TELUS
2009-09-22 03:19 . 2008-01-04 00:42 -------- d-----w- c:\documents and settings\Peter Ko\Application Data\TELUS
2009-09-22 03:18 . 2008-01-09 03:55 -------- d-----w- c:\documents and settings\Aaron Ko\Application Data\TELUS
2009-09-22 03:18 . 2008-01-04 00:40 -------- d-----w- c:\program files\TELUS
2009-09-19 22:53 . 2009-09-19 22:53 4958032 ----a-w- c:\documents and settings\Peter Ko\Application Data\pdinstall.exe
2009-09-19 22:52 . 2007-11-03 22:28 201424 ----a-w- c:\documents and settings\Peter Ko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 16:21 . 2009-01-24 01:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 06:21 . 2008-10-30 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-05 21:40 . 2008-02-04 07:12 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\U3
2009-09-05 07:35 . 2009-06-24 22:16 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\My Battle for Middle-earth(tm) II Files
2009-09-05 07:14 . 2009-04-19 03:53 -------- d-----w- c:\program files\Electronic Arts
2009-08-31 17:35 . 2008-07-14 00:34 34 ----a-w- c:\documents and settings\Nathan Ko\jagex_runescape_preferences.dat
2009-08-22 07:07 . 2007-11-06 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-22 05:42 . 2009-08-22 05:23 -------- d-----w- c:\documents and settings\Nathan Ko\Application Data\Nero
2009-08-22 05:22 . 2009-08-22 05:20 -------- d-----w- c:\program files\Common Files\Nero
2009-08-22 05:21 . 2009-08-22 05:20 -------- d-----w- c:\program files\Nero
2009-08-22 05:21 . 2009-08-22 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-05 09:01 . 2005-03-02 23:44 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-03-02 23:44 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-10_18.30.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 01:35 . 2009-06-19 23:29 73728 c:\windows\temp\sophos_autoupdate1.dir\xmltok.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 57344 c:\windows\temp\sophos_autoupdate1.dir\xmlparse.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 14336 c:\windows\temp\sophos_autoupdate1.dir\xmlcpp.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 18432 c:\windows\temp\sophos_autoupdate1.dir\SharedRes.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 20480 c:\windows\temp\sophos_autoupdate1.dir\crypto.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 45056 c:\windows\temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll
+ 2009-10-15 01:33 . 2009-10-15 01:33 16384 c:\windows\temp\Perflib_Perfdata_7b0.dat
+ 2009-10-15 01:33 . 2009-10-15 01:33 16384 c:\windows\temp\Perflib_Perfdata_700.dat
+ 2009-10-15 01:35 . 2009-09-11 22:40 2970 c:\windows\temp\sophos_autoupdate1.dir\scf.dat
+ 2009-10-15 01:35 . 2009-06-19 23:29 208896 c:\windows\temp\sophos_autoupdate1.dir\retailer.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 348160 c:\windows\temp\sophos_autoupdate1.dir\MSVCR71.DLL
+ 2009-10-15 01:35 . 2009-06-19 23:29 499712 c:\windows\temp\sophos_autoupdate1.dir\MSVCP71.DLL
+ 2009-10-15 01:35 . 2009-06-19 23:29 745472 c:\windows\temp\sophos_autoupdate1.dir\libeay32.dll
+ 2009-10-15 01:35 . 2009-06-19 23:29 159744 c:\windows\temp\sophos_autoupdate1.dir\libcurl.dll
+ 2009-10-15 01:35 . 2009-09-11 22:40 176128 c:\windows\temp\sophos_autoupdate1.dir\CidSync.dll
+ 2009-10-15 01:35 . 2009-09-11 22:40 172032 c:\windows\temp\sophos_autoupdate1.dir\ChannelUpdater.dll
+ 2009-10-15 01:35 . 2009-09-11 22:40 663552 c:\windows\temp\sophos_autoupdate1.dir\ALUpdate.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-10 344064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-16 551032]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Profiler"="c:\program files\Saitek\Software\Profiler.exe" [2004-01-28 159744]
"SaiSmart"="c:\program files\Saitek\Software\SaiSmart.exe" [2004-01-28 98304]
"TELUS_eCare_Lite_McciTrayApp"="c:\program files\TELUS_eCare_Lite\eCareTrayApp.exe" [2007-01-24 1007720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-27 282624]
"Auto Auto EPSON Stylus CX3800 Series on sony on TOSHIBA"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Auto EPSON Stylus CX3800 Series on HP-KO"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"Tsa.exe"="c:\program files\TELUS\TELUS security advisor\Tsa.exe" [2008-09-18 3228912]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-11-3 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-9-11 245760]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-1-26 118784]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\SteamApps\\blazerino\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\lmabcoms.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [12/14/2007 6:04 PM 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [12/14/2007 6:04 PM 19456]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-04 02:41]

2009-10-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(636)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\lexbces.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\E_S00RP1.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lmabcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\acrodist.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-10-15 18:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-15 01:41
ComboFix2.txt 2009-10-10 18:32

Pre-Run: 40,892,801,024 bytes free
Post-Run: 40,732,450,816 bytes free

662 --- E O F --- 2009-10-12 04:41



this time when i turned the comp on, the - enable protection thing didn't pop up

[Carolyn]

Sounds like we are making progress

Please run the ESET online scan that I requested in earlier and post the resulting log for my review.

[anonymity]

These are the infected files:

C:\Documents and Settings\All Users\Documents\Bittorrent (new)\Autograph\Autograph.v3.11.WinALL-CHiCNCREAM.rar a variant of Win32/HackTool.Patcher.A application
C:\Documents and Settings\All Users\Documents\Bittorrent (new)\The Killers - Hot Fuss [Full Album]\05 - All These Things That I've Done.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan

[Carolyn]

Hello,

Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to and find the following files: if found, delete them (some may not be present after previous steps):

C:\Documents and Settings\All Users\Documents\Bittorrent (new)\Autograph\Autograph.v3.11.WinALL-CHiCNCREAM.rar <<File
C:\Documents and Settings\All Users\Documents\Bittorrent (new)\The Killers - Hot Fuss [Full Album]\05 - All These Things That I've Done.mp3 <<File

Now empty you’re Recycle Bin.

==============

I won't comment on the "Bittorrent (new)" folder other than to remind you that if you become infected due to the use of P2P programs, you will not receive further assistance from this forum.

==============

Update Java Runtime and Run JavaRa

Download Java Runtime

• Go to HERE to download Java Runtime Environment Version 6 Update 13
  
• Click on the link named Java Runtime Environment (JRE) 6 Update 13
  
• Click on the radio button to Accept License Agreement
  
• Click on Windows Offline Installation Multi-language and save the downloaded file to your desktop

Run JavaRa

• Please download JavaRa and unzip it to your desktop.
  
• Double-click on JavaRa.exe to start the program.
  
• From the drop-down menu, choose English and click on Select.
  
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  
• A logfile will pop up. Please save it to a convenient location.

Install Java

• Install the new version of Java by running the newly-downloaded file ( jre-6u13-windows-i586-p.exe) with the java icon which will be at your desktop, and follow the on-screen instructions.
  
• Reboot your computer

==============

Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.

• Please go to this link Adobe Acrobat Reader Download Link
• On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
• Click the Continue button
• Click Run, and click Run again
• Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

==============

This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

Delete ComboFix and Clean Up

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Please advise if this step is missed for any reason as it performs some important actions.

OTC

Download OTC by Old Timer and save it to your Desktop.


• Double-click OTC.exe
  
• Click the CleanUp! button
  
• Select Yes when the Begin cleanup Process? Prompt appears
  
• If you are prompted to Reboot during the cleanup, select Yes
  
• The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


• Set correct settings for files
  
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    
  • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    
  • If unchecked please check Hide protected operating system files (Recommended)
    
  • If necessary check Display content of system folders
    
  • If necessary Uncheck Hide file extensions for known file types.
    
  • Click OK
  
  
  
• Make sure that you keep your antivirus updated
  New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  
  
• Security Updates for Windows, Internet Explorer & Microsoft Office
  Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
  Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  
  
• Update Non-Microsoft Programs
  Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  
  
  Recommended Programs
  
  I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.
  
  
  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    
    
  • Malwarebytes' Anti-Malware or SuperAntiSpyware
    These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.
    You can download SuperAntiSpyware from HERE.
    
    
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    
    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    

    Stop and Disable the DNS Client Service
    Go to Start, Run and type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK

    
    
    
  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera

Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

[NonSuch]

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.